clawd/drafts/vault1984-vision.md


vault1984 — From Launch to $100M

Strategic vision — March 2026


The thesis

The AI era creates a new infrastructure requirement: every agent that acts on behalf of a human needs credentials. Every company deploying AI needs those credentials managed securely. No existing password manager was built for this. The incumbents are bolting on MCP. They cannot change their encryption architecture without destroying their current product.

vault1984 is built for this from day one. The window to own this category is open now and will close within 18-24 months as incumbents catch up on features (they can never catch up on architecture).

The model is near-zero marginal cost: a 10MB SQLite file, one binary, the smallest AWS instance. Every dollar of revenue is margin. The strategy is volume at knockout pricing — make competition economically irrational before it starts.


Where we are

Product: Complete. One binary, one SQLite file. WebAuthn PRF key derivation. Three-tier encryption (Vault / Credential / Identity). MCP-native. Browser extension. Import from all major password managers. Automatic backups. Audit log.

Infrastructure: Building out 21 global nodes — AWS where present, local providers where AWS doesn't reach (Nigeria, Tanzania, and other markets where incumbents have no footprint).

Pricing: $12/year individual hosted. Essentially zero marginal cost per user.

Status: Pre-launch. The product is ready. The HN article isn't published. The category is unclaimed.


Step 1 — The HN launch (now)

Goal: 10,000-50,000 individual users in the first 90 days.

Why HN: Zero acquisition cost. Exactly the right audience — developers with AI coding agents who feel the credential problem daily. One good post is worth more than $500K in paid acquisition. This audience validates, then multiplies.

The launch asset: A Show HN post with the working product. The architecture argument. The math-vs-keys story. The Orwell quote.

What success looks like: Front page. 500+ upvotes. Comments debating the architecture (technical credibility). Organic spread to Twitter/X and Lobsters. Signups from developers at major tech companies.

The flywheel: Developer at Kaseya (or Google or Stripe) finds vault1984 on HN → installs for personal use → brings it to their team → becomes an SMB account.


Step 2 — Viral individual growth (months 1-6)

Goal: 100,000 individual users. $1.2M ARR (at $12/year). Zero meaningful CAC.

Channels:

  • HN ongoing presence (comment threads, Ask HN)
  • Developer Twitter/X — the architecture story is shareable
  • GitHub — open source generates stars, stars generate signups
  • Word of mouth within AI coding communities (Claude Code, Cursor, Codex users)

The breach trigger: Every time there is a credential breach in the news, vault1984 gets organic signups. The math-vs-keys argument writes itself. We don't pay for this — it's always on.

Infrastructure by this point: All 21 nodes live. Global coverage established. Latency competitive everywhere.


Step 3 — The team wedge (months 3-9)

Goal: Convert individual users to team accounts. First $500K B2B ARR.

The product addition needed: Basic team features — shared vault, invite members, admin view of audit log. Minimal MVP. Not SSO, not SCIM. Just "invite your colleague."

Why it happens organically: Developers don't buy software for their team. They use it personally, then say "we should all use this." The team account exists to formalize what's already happening.

Pricing: $2-3/user/month for teams. A 10-person team pays $240-360/year. Nobody approves this budget — it goes on a credit card.


Step 4 — SMB market (months 6-18)

Goal: 1,000 SMB accounts. 20,000 seats. ~$480K-720K ARR from this segment.

What opens this: Team features from Step 3 + a simple admin console. Nothing more. SMBs don't need SSO. They need "I can see what my team is doing."

The AI agent story: By this point, AI agent adoption in SMBs is mainstream. Every developer team has at least one agent running. The credential problem is visible. vault1984 is the answer that's already been validated by their engineers.

Global coverage matters here: A Nairobi-based SMB or a Lagos startup can deploy vault1984 with local latency. 1Password can't say that. First-mover advantage in emerging markets is captured here.


Step 5 — The $10M ARR milestone (months 12-24)

The math:

| Segment    | Users/Seats                | Revenue    |
|------------|----------------------------|------------|
| Individual | 500,000 × $12/yr           | $6.0M      |
| Teams/SMB  | 150,000 seats × $2.50/mo   | $4.5M      |
| Total      |                            | $10.5M ARR |

At 10x ARR multiple (standard SaaS): $100M+ valuation.

This is achievable without enterprise sales, without SSO, without SOC 2 certification. It's pure volume — individual and team accounts at knockout pricing.


Step 6 — The enterprise angle (months 18-36)

What unlocks it:

  • SSO (SAML/OIDC) — single feature that opens MME
  • SOC 2 Type II — 12-18 month process, start at month 6
  • Dedicated support tier

Why enterprise comes to us (not the other way around): Enterprises with 800 developers already running AI coding agents have the credential problem at scale. Their developers are already using vault1984 personally. The CISO asks "what are all these API keys going to?" — and the answer is vault1984. The sales cycle is pull, not push.

Pricing: $2-3/user/month. A 2,000-seat enterprise pays $48,000-72,000/year. 1Password charges $168,000 for the same. Procurement doesn't negotiate — they just sign.


Step 7 — The MSP channel (months 12-24)

The unlock: Commercial MSP license (separate from Elastic License 2.0).

The MSP argument: MSPs can tell their clients "we cannot read your passwords." No other MSP-delivered solution can say that. vault1984 removes a significant liability from MSPs — they can't be compelled to hand over client credentials they don't have keys to.

Distribution: The MSP channel is multiplicative. One MSP with 100 clients and 20 users each = 2,000 seats. Sign 500 MSPs and you have 1M seats without a single enterprise sales call.

Pricing: $1-1.50/user/month wholesale. MSPs resell at $3-5. Margin for them, still below 1Password direct for their clients.


The competitive moat — why it lasts

Price: Nobody builds a company to compete with $12/year individual and $2-3/user/month enterprise. VCs won't fund it.

Coverage: 21 nodes including markets where 1Password has no infrastructure. Replicating global coverage takes 2-3 years and millions of dollars.

Encryption architecture: 1Password, Bitwarden, Dashlane cannot adopt vault1984's encryption model. Their recovery flow requires operator access — it's baked into their product promise. Copying vault1984 means breaking their existing users. They're architecturally trapped.

Agent-native: They are bolting MCP onto products designed for humans. vault1984 was designed from day one for the model where agents are first-class clients. The product philosophy cannot be copied — only rebuilt.

Timing: The window to establish the category is now. In 18-24 months, incumbents will have shipped "good enough" MCP integrations. The architecture gap will be harder to explain. The coverage gap will narrow. The price gap can be closed with VC money. The time to establish is before any of that happens.


The vault1984 + inou portfolio

vault1984 and inou (inou.com) are built on the same infrastructure philosophy: sensitive personal data, organized and private, ready for your AI. vault1984 handles credentials. inou handles health data. Both: operator-blind, independent infrastructure, "your AI connects to it."

As AI agent adoption grows, every category of sensitive personal data will need this treatment. The portfolio grows with the category.

The strategic value of two products with the same architecture and philosophy, both gaining adoption simultaneously, is significantly higher than either alone. A strategic acquirer in this space buys the platform, not just one product.


What we need to get there

Now:

  • HN Show HN post — the launch asset
  • /security page on vault1984.com
  • Updated README with new naming and tagline

0-3 months:

  • Team invite / shared vault (basic, MVP)
  • All 21 nodes live

3-6 months:

  • Admin console (audit log access, member management)
  • Begin SOC 2 Type II process
  • Commercial MSP license framework

6-12 months:

  • SSO (SAML/OIDC) — unlocks MME
  • Mobile apps (iOS/Android) — unlocks consumer fully
  • MSP partner program launch

12-24 months:

  • SOC 2 Type II certified
  • Enterprise tier (dedicated support, SLA, custom contract)
  • $10M ARR

Draft — George for Johan. Strategic working document.